pptpd+radius+mysql  安装攻略(part3 mysql部分)

2006.02.10 by i_amok  

1.需要软件,什么都不需要。

你只要给各mysql的库就好了,库结构在

freeradius源码目录下的/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql

你建立一个数据库就好了,我在我自己的机器上建立了一个名字为radius的数据库

并且导入了这个数据库的结构。

2。配置sql.conf

先回到刚才的freeradius的配置文件目录

CODE:[Copy to clipboard]cd /usr/local/freeradius-1.1.0/etc/raddbvi sql.conf

修改连接信息

CODE:[Copy to clipboard]        # Connect info
        server = "192.168.8.53"
        login = "radius"
        password = "radius"

        # Database table configuration
        radius_db = "radius"去掉下面的simul。。。。前面的#
打开sql的用户同时连接数测试的语句

CODE:[Copy to clipboard]        # Uncomment simul_count_query to enable simultaneous use checking
         simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE UserName=’%{SQL-User-Name}’ AND AcctStopTime = 0"3.配置radiusd.conf

注释掉 authorize {
的files
去掉sql前的注释

注释掉 preacct {
的files

注释掉 accounting {
的radutmp
去掉sql前面的#

注释掉 session{
的radutmp
去掉sql前面的#

去掉 post-auth {
sql前的#

总之就是去掉files模块,开启sql模块

4。在数据库中添加用户

在usergroup中添加一个test用户,组名为vpn

在radgroupcheck中添加一个vpn组,
attribute为Simultaneous-Use
op为:=
value为1
的纪录

在radcheck中添加
username为test
attribute为 User-Password
op为==
value为test

这样就添加了一个用户为test,组为vpn,密码为test
并且所有的组用户的都只能1个用户名登陆一次

5.测试
用debug模式启动radiusd

会看到

CODE:[Copy to clipboard][root@kdfng raddb]# ../../sbin/radiusd -x
Starting – reading configuration files …
Using deprecated naslist file.  Support for this will go away soon.
Module: Loaded exec
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
Module: Instantiated mschap (mschap)
Module: Loaded eap
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
rlm_eap: Loaded and initialized type gtc
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
Module: Loaded SQL
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to radius@192.168.8.53:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
Module: Loaded Acct-Unique-Session-Id
Module: Instantiated acct_unique (acct_unique)
Module: Loaded realm
Module: Instantiated realm (suffix)
Module: Loaded detail
Module: Instantiated detail (detail)
Initializing the thread pool…
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.用test用户登陆一下.

会看到

CODE:[Copy to clipboard]rad_recv: Access-Request packet from host 127.0.0.1:32768, id=222, length=146
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "test"
        MS-CHAP-Challenge = 0xb6a9e94b94c3c386875043efd5144e17
        MS-CHAP2-Response = 0x38006d78036bb5e40ddeca0ce96b944619e000000000000000007b887b8762be38eb111a94a4b581925b85e07453a38a070f
        Calling-Station-Id = "192.168.8.53"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
rlm_sql (sql): Processing sql_postauth
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
Sending Access-Accept of id 222 to 127.0.0.1 port 32768
        MS-CHAP2-Success = 0x38533d33453434464142394232444230413143464539453832444536453534373331383833454238414536
        MS-MPPE-Recv-Key = 0x53a3812a0fd5b6f7b1cf4f6f6796f26b
        MS-MPPE-Send-Key = 0xb8be60559cbc46fd4da277516d6584f3
        MS-MPPE-Encryption-Policy = 0x00000002
        MS-MPPE-Encryption-Types = 0x00000004
rad_recv: Accounting-Request packet from host 127.0.0.1:32768, id=223, length=110
        Acct-Session-Id = "43EC0822056A00"
        User-Name = "test"
        Acct-Status-Type = Start
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Calling-Station-Id = "192.168.8.53"
        Acct-Authentic = RADIUS
        NAS-Port-Type = Async
        Framed-IP-Address = 10.10.110.1
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
        Acct-Delay-Time = 0
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
Sending Accounting-Response of id 223 to 127.0.0.1 port 32768如果你把Simultaneous-Use改成0

会看到

CODE:[Copy to clipboard]rad_recv: Access-Request packet from host 127.0.0.1:32768, id=225, length=146
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "test"
        MS-CHAP-Challenge = 0x2295d4d65913cbc0a7836e986fe4a998
        MS-CHAP2-Response = 0x34001739a3331c1a1a938eed99cda89b691f0000000000000000a8a9e9ae2eadaa6b1acb93e368113dc4ed47dac0a20b1ed8
        Calling-Station-Id = "192.168.8.53"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 0
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
rad_recv: Access-Request packet from host 127.0.0.1:32768, id=225, length=146
Sending Access-Reject of id 225 to 127.0.0.1 port 32768
        Reply-Message := "rnYou are already logged in – access deniedrnn"提示已经登陆过了,可见那个选项时生效的.

另,我找一个会俄语的,帮我看看

FreeNIBS

FreeNIBS is a loadable plugin for the FreeRADIUSradius server. FreeNIBS provides authorization,authentication, and accounting for dial-in(PPP/PPPOE/PPTP) users. It can be used forreal-time prepaid and postpaid billing. FreeNIBScan bill users based on service accuration, time,traffic, and both time and traffic. FreeNIBS hasvery flexible settings for groups, users, andprices. All data is stored in SQL databases suchas MySQl, PgSQL, and Oracle.

这个东西只有俄文的手册,死活看不来.连配置文件都是俄文的……

如果加上这个就能实现时间和流量的限制.